My Organization Uses Mimecast. Can I Still Send Phishing Tests to My Users?
If you're utilizing Mimecast's services, you can whitelist KnowBe4 to allow our simulated phishing test emails and training notifications through to your end users.
The below steps describe how to set up a Permitted Senders policy. However, you may want to review these additional Mimecast resources to implement more policies to allow the use of KnowBe4's various services.
Additional Mimecast Resources
- Anti-Spoofing Policies
- Configuring Impersonation Protection
- If you’re sending whaling/phishing emails purporting to come from users/domains that look like they are internal to the organization
- Attachment Management
- Corresponds to file types that are blocked or stripped
- Attachment Protect
- Transcription and sandboxing services
- Targeted Threat Protection/URL Protect
- How Do I Prevent Mimecast From Re-Writing Phishing Links?
- Suspected Malware Bypass Policies
- Permitted Senders Policies
How to Set Up a Permitted Sender Policy in Mimecast
To successfully whitelist our phishing and training related emails when using Mimecast, you should create a new Permitted Sender policy to allow our phishing and training related emails through.
Do not edit your default Permitted Sender policy. A new one must be created.
Set the policy as shown in the below screenshot, and include our three IP's which we send mail from, listed below:
If you're on the EU instance of KnowBe4, the IP addresses you need to whitelist will be different. See here for more information.
This new policy will allow any inbound mail flow originating from our three IP addresses to reach your users.
If you have difficulties whitelisting through Mimecast, an alternative option is smart hosting, which will allow us to bypass Mimecast and send our phishing tests directly to your mail server. For more information on smart hosting, contact support.